diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-11 13:13:23 +0100 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-11 13:16:08 +0100 |
| commit | d5695602075139d347d36160bdb774eca85fdfa3 (patch) | |
| tree | ebbe51e2179f5822971212e5c6fe6c744f5a7d3e | |
| parent | 5a0fb95789651c05774cdc566eeda0d3151a811c (diff) | |
curl: add patch for CVE-2023-46218
Change-Id: I215bcc26b87d638189423eeaaa6c5b8d5b146bd4
(cherry picked from commit 2eba604fdae1bf5b8432b764b3cafe5072cc5fe6)
| -rw-r--r-- | external/curl/2b0994c29a721c91c57.patch | 48 | ||||
| -rw-r--r-- | external/curl/UnpackedTarball_curl.mk | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/external/curl/2b0994c29a721c91c57.patch b/external/curl/2b0994c29a721c91c57.patch new file mode 100644 index 000000000000..0bcc24c06aa5 --- /dev/null +++ b/external/curl/2b0994c29a721c91c57.patch @@ -0,0 +1,48 @@ +From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 23 Nov 2023 08:15:47 +0100 +Subject: [PATCH] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 +--- + lib/cookie.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/lib/cookie.c b/lib/cookie.c +index 568cf537ad1b1..9095cea3e97f2 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain, strlen(domain)); + } +- else +- acceptable = !bad_domain(domain, strlen(domain)); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index d2eb21dc4e61..258332bf3ba5 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -24,6 +24,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-7.26.0_win-proxy.patch \ external/curl/zlib.patch.0 \ external/curl/CVE-2023-38545_7.87.0.patch \ + external/curl/2b0994c29a721c91c57.patch \ )) ifeq ($(SYSTEM_NSS),) |